| filename | necurs.sys | |
|---|---|---|
| size | 79288 (0x135b8) | |
| md5 | 78f9e2a98116e89c5b39e2a98c069f97 | |
| type | PE32+ executable (native) x86-64, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
MZ Header
| signature | MZ |
|---|---|
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0xd0 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Sections
Data Directory
| module_name | hint | ord | function_name |
|---|---|---|---|
| ntoskrnl.exe | 139 | | ExFreePoolWithTag |
| ntoskrnl.exe | 1353 | | RtlCopyLuid |
| ntoskrnl.exe | 1466 | | RtlInitUnicodeString |
| ntoskrnl.exe | 1454 | | RtlGetVersion |
| ntoskrnl.exe | 314 | | FsRtlIsNameInExpression |
| ntoskrnl.exe | 801 | | KeQueryActiveProcessors |
| ntoskrnl.exe | 957 | | MmGetPhysicalAddress |
| ntoskrnl.exe | 142 | | ExGetExclusiveWaiterCount |
| ntoskrnl.exe | 970 | | MmIsVerifierEnabled |
| ntoskrnl.exe | 1505 | | RtlIsGenericTableEmpty |
| ntoskrnl.exe | 712 | | KeBugCheckEx |
| ntoskrnl.exe | 145 | | ExGetSharedWaiterCount |
| ntoskrnl.exe | 115 | | ExAllocatePoolWithTag |
| HAL.dll | 80 | | KeQueryPerformanceCounter |
Signers (1)
issuer: /CN=Ygebenymy
serial: -32EF68A271A6AF5EB78ACA1AEC281AAC
Certificates (1)
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
(Negative)32:ef:68:a2:71:a6:af:5e:b7:8a:ca:1a:ec:28:1a:ac
Signature Algorithm: sha1WithRSA
Issuer: CN=Ygebenymy
Validity
Not Before: Mar 5 07:39:15 2014 GMT
Not After : Dec 31 23:59:59 2039 GMT
Subject: CN=Ygebenymy
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
2.5.29.1:
0<..vs5.=r.[..........0.1.0...U....Ygebenymy.....].YP.Hu5....T
Signature Algorithm: sha1WithRSA
Signature Value:
pkcs7-signedData
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA1
85 27 23 e3 0f eb f3 3c 6e 93 59 63 e7 2b 39 8a |.'#....
- 1.3.6.1.4.1.311.2.1.15
- #0
- #2
- 2
- -67704480979170040490177994103173159596
- RSA-SHA1-2: nil
- CN: Ygebenymy
- 2014-03-05 07:39:15 UTC: 2039-12-31 23:59:59 UTC
- CN: Ygebenymy
- #5
- rsaEncryption: nil
- 2.5.29.1
76 73 35 df 3d 72 16 5b 89 e0 2e e5 e4 b5 9e 89 |vs5.=r.[........|
- CN: Ygebenymy
cd 10 97 5d 8e 59 50 a1 48 75 35 e5 13 d7 e5 54 |...].YP.Hu5....T|
- RSA-SHA1-2:
- 2
- 1
- #0
- CN: Ygebenymy
- -67704480979170040490177994103173159596
- SHA1: nil
- #2
- 1.3.6.1.4.1.311.2.1.12
- nil
- contentType: 1.3.6.1.4.1.311.2.1.4
- messageDigest:
21 98 9b d0 f6 47 bc 2b d9 f0 31 8b a9 9a 94 a8 |!....G.+..1.....|
99 4e 82 1b |.N.. |
- 1.3.6.1.4.1.311.2.1.12
- rsaEncryption:
- #0